New Android ransomware targets smart TVs

It seems like you can’t go more than a few days lately without hearing about another ransomware attack. Sometimes it’s just regular folks getting hit by the scammers, but it can also be hospitals, universities, and businesses. Now, a new version of the Frantic Locker (or FLocker) Android ransomware has started popping up that goes after more than your phone or tablet. The new FLocker can lock down your TV until you pay up. And no, it doesn’t care that Game of Thrones is on.

FLocker has existed for a while now — it’s actually very well-maintained by ransomware standards. The developer is constantly updating the package and adding support for new Android system changes. In a new version of the malware, the owners added support for Android-powered smart TVs.

Weirdly, FLocker won’t work on Android devices that are in Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia, or Belarus. The first thing it does when reaching a new system (you have to install it somehow) is check its location. If it’s not in one of those countries, it attempts to install a command and control system on the smartphone or TV. Android has more security measures than your average Windows PC, believe it or not. In order to take control of your system, it needs administrator access. This is where the Android ransomware diverges from PC ransomware.

You can’t just encrypt important system data on an Android device without root access, which most devices don’t have. Thus, FLocker tries to get the user to grant administrator access, which allows it to control the screen and prevents it from being uninstalled. It starts by asking nicely, then gets serious with a fake system update warning. When it has admin, FLocker locks the screen to a fake law enforcement notice. As a fine for some unclear criminal activity, the owner of the TV or phone is asked to pay $200. Is the strangest twist yet, this fine must be paid via iTunes gift cards.

Because we’re not dealing with an encrypted volume, it is possible to fix the FLocker ransomware yourself. You’ll need a computer with the Android developer tools running. Using an ADB command, you can kill the malware process that’s locking the screen, then go into the settings and revoke its administrator access. That’s not an overly technical process, but you need to already have ADB debugging enabled on your device. If that’s not possible, you’ll have to factory reset. That may or may not even be an option on your TV, so Trend Micro suggest contacting the manufacturer.